Hacking groups are using legitimate cloud offerings such as Amazon Web Services to facilitate malware creation and password cracking, delegates at RSA 2010 were told.
The Russian Business Network (RBN), one of the most powerful and extensive malware and hacking organisations, has been buying time on Amazon's EC2 platform to build malware and attack passwords, according to Ed Skoudis, founder of security consultancy InGuardians.
"Bad guys can use the cloud to improve operations just as we can. The RBN has been using Amazon for the same kind of benefits as the good guys," he said.
"It gives them enormous password hacking tools, and can be used in massive search engine optimisation poisoning attacks."
The RBN, based in northern Russia, is one of the biggest and most professional hacking groups in the world.
The organisation started in the pornography business, but quickly moved to crime and now offers malware-as-a-service and hosting services, and provides credit card data and false identities.
Other security professionals have confirmed the use of mainstream cloud services by the hacking and malware community.
"We use it to number crunch, and so do they," Paul Simmonds, chief information security officer at AstraZeneca, told V3.co.uk.
"After all, one set of numbers is all the same in the end. Cloud gives them the power they need to break passwords efficiently."
Why does Facebook store "my entire call history with my partner's mum", asks developer who requested his Facebook data
Facebook database included text-message metadata - despite not using Facebook Messenger for SMS
Before Ocado could start selling the technology it had developed to other retailers, it had to tear down and rebuild its own monolithic architecture
Successful attack could result in harm to patients and financial loss, warns NHS governing body
Guccifer 2.0 claimed to be a lone Romanian hacker - until a schoolboy error gave him, her or them away